In this report

The 20 critical security controls identified in the Consensus Audit Guidelines represent the highest-priority defenses that enterprises should focus on, based on the likelihood of real-world attacks. The categories, which are not presented in order of priority, are broken down into those that can be validated at least in part in an automated manner and those that involve manual validation.